Starting today we are gradually rolling out Sophos AMSI Protection to the Recommended release for endpoints. In a first phase only new Sophos Central customers (with the right license), and a very small percentage of existing Sophos Central customers will see this.

While we have tested this technology a lot, internally as well as in this EAP, it is still a new technology so we want to be sure all works well.

If all goes well the roll-out will be completed by the end of April.

The roll-out of Sophos AMSI Protection for servers is scheduled next quarter.

How do I know if Sophos AMSI Protection is enabled on my devices?

In Sophos Central go to a Threat Protection policy for your endpoints. Scroll down to the AMSI setting. If the banner under it has changed from saying this feature is available in the Endpoint Protection EAP to "This setting applies to computers running the latest version of Core Agent", it means your endpoint devices can be protected with Sophos AMSI Protection without the need to have joined the EAP.

Devices that are participating in the EAP still have Sophos AMSI Protection, so there is no need to do anything.

Should I leave the EAP once I have Sophos AMSI Protection?

The EAP does not only feature AMSI, but also other new protection technologies, such as IPS and new Intercept X features. In addition, we'll update the EAP with new protection technologies or versions in the future, so it is certainly worth keeping your devices in the EAP.